F-Secure does not find and hence does not remove virus/trojan - please update virus definition

Hi,

Since F-Secure is closed in Sweden due to holidays, this message is posted here. Saturday night a new explorer page opened itself, claiming Microsoft Antivirus had found critical activity on my PC and I was supposed to press OK to clean my computer. Of course I did not, but what annoyed me was that I had to use the activity manager (not sure of the English name) to close the page. Since then I have updated my virus definitions several times, reinstalled Internet Security and also tried F-Secure's online web check. Unfortunately it seems the virus is not known to F-Secure or the virus program is not able to find it. To make sure this was actually something on my computer I closed down all internet possibilities and opened explorer; the page was now opened as the start page.... Hence I think I could exclude the possibility of firewall problems.. The page is grey with only an OK button and has the link (http://853e4f39.webantiviruspro2042.pl).... do not use this, beware!!!! I also on one occasion got a popup from Microsoft Security Essentials Alert related to this.

Has anyone else seen this virus/trojan? And F-Secure, please update your definitions so I could dare to use my computer again, please!!!

/Nanne

Comments

  • Simon
    Simon Posts: 2,667 Superuser
    Try running a scan with https://www.malwarebytes.org/. Hopefully that will remove any infection, while awaiting a response from F-Secure.
  • valla
    valla Posts: 1

    I have got the same, but from 853e4f39webantivirusprow.pl

  • NikK
    NikK Posts: 903 Forum Champion

    This is not a virus or trojan. It's a fake message that will try to trick you into downloading software to be able to delete these "made up" infections. It might be adware or a toolbar that is causing this.

    As Simon suggested, download, install and run the free version of Malwarebytes Anti-Malware (MBAM). It will find programs called PUPs (Potentially Unwanted Programs), a term which covers a wide range of different unwanted program behaviors. Definition of PUP here

    I recommend MBAM regardless of what anti-virus product you have.

    Additional information

    No anti-virus product can protect you 100%. I would say that the main risk in getting infected is user behavior. People designing ads and fake messages are taking advantage of this. So only click on messages you know are genuine.

    When installing products, make sure you uncheck any options for additional toolbars etc.

    To be extra safe, before installing or running new programs I recommend scanning them on VirusTotal, which is a multi-engine anti-virus scanner. F-Secure is one of 48 scanners at the moment. VirusTotal also has a multi-engine URL scanner for checking web page addresses.

  • Janiashvili
    Janiashvili Posts: 454 Adventurer
    They still have to find it, as it's one kind of malware...
  • NikK
    NikK Posts: 903 Forum Champion

    Yes, I meant this type is not usually detected by traditional anti-virus products. I believe the specific term for it is "scareware".

    If Malwarebytes Anti-malware doesn't remove it we can suggest other products.

  • Nanne
    Nanne Posts: 4 Observer

    Many thanks to you all for contributing!!!

    I have now tried Malwarebytes and did both a quick and a full scan, unfortunately without any results. Recently I have installed a clock from the app store and the CDBurnerXP from its home page. Do you think I should remove these apps? Or if this problem continues, should I even reinstall explorer? It seems Chrome is not affected and I guess I am not in great need of explorer.

    Does anyone know for sure this is only scareware and not a trojan? Is it installed onto explorer or in another folder?

    Thanks again!

    /Nanne

  • Simon
    Simon Posts: 2,667 Superuser

    CDBurnerXP should be fine, providing you didn't allow it to install any toolbars or other 'bundled' software as well. There's usually a tickbox during the installation which you should have unticked.

    I can't comment on the clock from the app store, but do you have any extra toolbars on Internet Explorer now? If so, try removing these in IE's Add-Ons Manager.

  • NikK
    NikK Posts: 903 Forum Champion

    Nanne, I found a Microsoft article with more information about these fake alerts. It recommends scanning with Microsoft Safety Scanner.

    Similar problem and other suggestions here at a Microsoft forum.

    If you have installed a program that you're unsure about and don't necessarily need, then remove it.

  • NikK
    NikK Posts: 903 Forum Champion

    Nice work, sounds like you may have found the source. I wonder if any of the other 47 malware scanners at VirusTotal are able to detect this. I don't have Windows 8 so I can't download the Clock app, but maybe you could try? You first download the file, then go to VirusTotal and upload it and wait for the result.

  • Nanne
    Nanne Posts: 4 Observer

    I have used explorer for three days now without any issues. Best guess for source of the malware is the clock app from the app store.

    NikK, my computer skills are not so great that I dare to install the app again. A good day for me is a day when I manage to find the Windows 8 control panel within 5 minutes :) I will try to report this to whoever is running this app store.

    Take care!

  • NikK
    NikK Posts: 903 Forum Champion

    I see. Thanks for your feedback.

    But just as information (to all who read this): I never meant you should install it, only download it and then scan it on VirusTotal. I would of course do that myself if I could, but with Windows 7 I'm not allowed to download it :(

     

    PS. An interesting note on Clock App home page is:

    Upgrade options available as inapp purchase: No Ads

This discussion has been closed.